public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Mattias Ellert <mattias.ellert@physics.uu.se>
To: git-commits@fedoraproject.org
Subject: [rpms/globus-gsi-credential] rawhide: Compile with OpenSSL 4
Date: Sun, 14 Jun 2026 08:48:39 GMT [thread overview]
Message-ID: <178142691900.1.15955051551463147434.rpms-globus-gsi-credential-62a68d2b8f64@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/globus-gsi-credential
Branch : rawhide
Commit : 62a68d2b8f64a20cb68a447821f5bbd015e61ac2
Author : Mattias Ellert <mattias.ellert@physics.uu.se>
Date : 2026-06-14T10:39:13+02:00
Stats : +2001/-1 in 3 file(s)
URL : https://src.fedoraproject.org/rpms/globus-gsi-credential/c/62a68d2b8f64a20cb68a447821f5bbd015e61ac2?branch=rawhide
Log:
Compile with OpenSSL 4
---
diff --git a/0001-Untabify-and-remove-trailing-white-space.patch b/0001-Untabify-and-remove-trailing-white-space.patch
new file mode 100644
index 0000000..739ecc6
--- /dev/null
+++ b/0001-Untabify-and-remove-trailing-white-space.patch
@@ -0,0 +1,1921 @@
+From 3ccdaa0236230bbcbcbf339e7dfdfaf23c10bd6f Mon Sep 17 00:00:00 2001
+From: Mattias Ellert <mattias.ellert@physics.uu.se>
+Date: Wed, 20 May 2026 00:15:37 +0200
+Subject: [PATCH 1/2] Untabify and remove trailing white-space
+
+---
+ .../source/library/globus_gsi_cred_handle.c | 178 ++++-----
+ .../source/library/globus_gsi_credential.c | 340 +++++++++---------
+ 2 files changed, 259 insertions(+), 259 deletions(-)
+
+diff --git a/gsi/credential/source/library/globus_gsi_cred_handle.c b/gsi/credential/source/library/globus_gsi_cred_handle.c
+index 81acd5b43..cf3dc2a18 100644
+--- a/gsi/credential/source/library/globus_gsi_cred_handle.c
++++ b/gsi/credential/source/library/globus_gsi_cred_handle.c
+@@ -47,7 +47,7 @@
+ *
+ * @param handle
+ * The handle to be initialized
+- * @param handle_attrs
++ * @param handle_attrs
+ * The immutable attributes of the handle
+ *
+ * @return
+@@ -93,13 +93,13 @@ globus_gsi_cred_handle_init(
+
+ if(handle_attrs == NULL)
+ {
+- result = globus_gsi_cred_handle_attrs_init(&(*handle)->attrs);
++ result = globus_gsi_cred_handle_attrs_init(&(*handle)->attrs);
+ }
+ else
+ {
+ result = globus_gsi_cred_handle_attrs_copy(
+- handle_attrs,
+- & (*handle)->attrs);
++ handle_attrs,
++ & (*handle)->attrs);
+ }
+
+ if(result != GLOBUS_SUCCESS)
+@@ -130,7 +130,7 @@ globus_gsi_cred_handle_init(
+ *
+ * @param handle
+ * The credential handle to be destroyed
+- * @return
++ * @return
+ * GLOBUS_SUCCESS
+ */
+ globus_result_t
+@@ -160,7 +160,7 @@ globus_gsi_cred_handle_destroy(
+
+ globus_libc_free(handle);
+ }
+-
++
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+
+ return GLOBUS_SUCCESS;
+@@ -198,7 +198,7 @@ globus_gsi_cred_handle_copy(
+ (_GCRSL("Null parameter passed to function")));
+ goto exit;
+ }
+-
++
+ if(source->attrs)
+ {
+ result = globus_gsi_cred_handle_init(dest, source->attrs);
+@@ -254,13 +254,13 @@ globus_gsi_cred_handle_copy(
+ {
+ int chain_index = 0;
+ (*dest)->cert_chain = sk_X509_new_null();
+- for(chain_index = 0;
+- chain_index < sk_X509_num(source->cert_chain);
++ for(chain_index = 0;
++ chain_index < sk_X509_num(source->cert_chain);
+ ++chain_index)
+ {
+- sk_X509_insert((*dest)->cert_chain,
++ sk_X509_insert((*dest)->cert_chain,
+ X509_dup(sk_X509_value(source->cert_chain,
+- chain_index)),
++ chain_index)),
+ chain_index);
+ }
+ }
+@@ -272,7 +272,7 @@ globus_gsi_cred_handle_copy(
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+ return result;
+ }
+-
++
+ /**
+ * @brief Get the handle attributes
+ * @ingroup globus_gsi_cred_handle
+@@ -361,7 +361,7 @@ globus_gsi_cred_get_goodtill(
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+- (_GCRSL("NULL cred handle parameter passed to function: %s"),
++ (_GCRSL("NULL cred handle parameter passed to function: %s"),
+ __func__));
+ goto error_exit;
+ }
+@@ -406,7 +406,7 @@ globus_gsi_cred_get_lifetime(
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+- (_GCRSL("NULL credential handle passed to function: %s"),
++ (_GCRSL("NULL credential handle passed to function: %s"),
+ __func__));
+ goto error_exit;
+ }
+@@ -437,7 +437,7 @@ globus_gsi_cred_get_lifetime(
+ * @return
+ * GLOBUS_SUCCESS or an error captured in a globus_result_t
+ */
+-globus_result_t
++globus_result_t
+ globus_gsi_cred_get_key_bits(
+ globus_gsi_cred_handle_t cred_handle,
+ int * key_bits)
+@@ -452,21 +452,21 @@ globus_gsi_cred_get_key_bits(
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+- (_GCRSL("NULL cred handle parameter passed to function: %s"),
++ (_GCRSL("NULL cred handle parameter passed to function: %s"),
+ __func__));
+ goto error_exit;
+ }
+-
++
+ if(key_bits == NULL)
+ {
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+- (_GCRSL("NULL key_bits parameter passed to function: %s"),
++ (_GCRSL("NULL key_bits parameter passed to function: %s"),
+ __func__));
+ goto error_exit;
+ }
+-
++
+ if(cred_handle->cert == NULL)
+ {
+ GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(
+@@ -475,7 +475,7 @@ globus_gsi_cred_get_key_bits(
+ (_GCRSL("The credential's cert is NULL")));
+ goto error_exit;
+ }
+-
++
+ pkey = X509_get_pubkey(cred_handle->cert);
+ if(pkey == NULL)
+ {
+@@ -520,7 +520,7 @@ globus_gsi_cred_get_key_bits(
+ * passed in can be NULL which will set the cert in
+ * the handle to NULL, freeing the current cert in the
+ * handle.
+- * @return
++ * @return
+ * GLOBUS_SUCCESS or an error object id if an error
+ */
+ globus_result_t
+@@ -537,7 +537,7 @@ globus_gsi_cred_set_cert(
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+- (_GCRSL("NULL credential handle passed to function: %s"),
++ (_GCRSL("NULL credential handle passed to function: %s"),
+ __func__));
+ goto error_exit;
+ }
+@@ -580,7 +580,7 @@ globus_gsi_cred_set_cert(
+ * @brief Get the credential's certificate
+ * @ingroup globus_gsi_cred_handle
+ * @details
+- * Get the certificate of a credential
++ * Get the certificate of a credential
+ *
+ * @param handle
+ * The credential handle to get the certificate from
+@@ -647,10 +647,10 @@ globus_gsi_cred_get_cert(
+ *
+ * @param handle
+ * The handle on which to set the key.
+- * @param key
++ * @param key
+ * The private key to set the handle's key to. This
+ * value can be NULL, in which case the current handle's
+- * key is freed.
++ * key is freed.
+ */
+ globus_result_t
+ globus_gsi_cred_set_key(
+@@ -720,7 +720,7 @@ globus_gsi_cred_set_key(
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+
+ return result;
+-}
++}
+ /* globus_gsi_cred_set_key() */
+
+ /**
+@@ -733,9 +733,9 @@ globus_gsi_cred_set_key(
+ * The credential handle containing the private key to get
+ * @param key
+ * The private key which after this function returns is set
+- * to a duplicate of the private key of the credential
++ * to a duplicate of the private key of the credential
+ * handle. This variable needs to be freed by the user when
+- * it is no longer used via the function EVP_PKEY_free.
++ * it is no longer used via the function EVP_PKEY_free.
+ *
+ * @return
+ * GLOBUS_SUCCESS or an error object identifier
+@@ -801,7 +801,7 @@ globus_gsi_cred_get_key(
+ return result;
+ }
+ /* globus_gsi_cred_get_key() */
+-
++
+ /**
+ * @brief Set the certificate chain
+ * @ingroup globus_gsi_cred_handle
+@@ -865,7 +865,7 @@ globus_gsi_cred_set_cert_chain(
+ (_GCRSL("Couldn't initialize credential's cert chain")));
+ goto error_exit;
+ }
+-
++
+ for(i = 0; i < numcerts; ++i)
+ {
+ if((tmp_cert = X509_dup(sk_X509_value(cert_chain, i))) == NULL)
+@@ -940,7 +940,7 @@ globus_gsi_cred_get_cert_chain(
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+- (_GCRSL("NULL cert chain parameter passed to function: %s"),
++ (_GCRSL("NULL cert chain parameter passed to function: %s"),
+ __func__));
+ goto error_exit;
+ }
+@@ -988,7 +988,7 @@ globus_gsi_cred_get_cert_chain(
+ * @param subject_name
+ * The subject name as an X509_NAME object. This should be freed
+ * using X509_NAME_free when the user is finished with it
+- * @return
++ * @return
+ * GLOBUS_SUCCESS if no error, a error object id otherwise
+ */
+ globus_result_t
+@@ -1014,12 +1014,12 @@ globus_gsi_cred_get_X509_subject_name(
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+- (_GCRSL("NULL subject name parameter passed to function: %s"),
++ (_GCRSL("NULL subject name parameter passed to function: %s"),
+ __func__));
+ goto error_exit;
+ }
+
+- if((*subject_name =
++ if((*subject_name =
+ X509_NAME_dup(X509_get_subject_name(handle->cert))) == NULL)
+ {
+ GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(
+@@ -1064,7 +1064,7 @@ globus_gsi_cred_get_X509_identity_name(
+ STACK_OF(X509) * cert_chain = NULL;
+
+ GLOBUS_I_GSI_CRED_DEBUG_ENTER;
+-
++
+ if(handle == NULL)
+ {
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+@@ -1082,7 +1082,7 @@ globus_gsi_cred_get_X509_identity_name(
+ (_GCRSL("NULL identity name passed to function: %s"), __func__));
+ goto error_exit;
+ }
+-
++
+ identity = X509_NAME_dup(X509_get_subject_name(handle->cert));
+
+ if(handle->cert_chain == NULL)
+@@ -1120,7 +1120,7 @@ globus_gsi_cred_get_X509_identity_name(
+ {
+ sk_X509_free(cert_chain);
+ }
+-
++
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+ return result;
+ }
+@@ -1138,7 +1138,7 @@ globus_gsi_cred_get_X509_identity_name(
+ * @param subject_name
+ * The subject name as a string. This should be freed
+ * using OPENSSL_free() when the user is finished with it
+- * @return
++ * @return
+ * GLOBUS_SUCCESS if no error, a error object id otherwise
+ */
+ globus_result_t
+@@ -1161,7 +1161,7 @@ globus_gsi_cred_get_subject_name(
+ }
+
+ /* ToDo: This logic needs fixing. The subject_name is passed up and is
+- freed by the caller - but it must be freed with OPENSSL_free(),
++ freed by the caller - but it must be freed with OPENSSL_free(),
+ not free() and the caller cant be expected to know that */
+ if((*subject_name = X509_NAME_oneline(x509_subject, NULL, 0)) == NULL)
+ {
+@@ -1202,7 +1202,7 @@ globus_gsi_cred_get_subject_name(
+ * the stack of policies retrieved from the handle's cert chain
+ * @return
+ * GLOBUS_SUCCESS or an error object if an error occurred
+- */
++ */
+ globus_result_t
+ globus_gsi_cred_get_policies(
+ globus_gsi_cred_handle_t handle,
+@@ -1263,7 +1263,7 @@ globus_gsi_cred_get_policies(
+ {
+ /* no proxycertinfo extension = so no policy for this cert */
+ policy_string = (unsigned char *) GLOBUS_NULL_POLICY;
+- policy_string_length = strlen(GLOBUS_NULL_POLICY);
++ policy_string_length = strlen(GLOBUS_NULL_POLICY);
+ }
+ else
+ {
+@@ -1311,7 +1311,7 @@ globus_gsi_cred_get_policies(
+ goto error_exit;
+ }
+
+- final_policy_string = NULL;
++ final_policy_string = NULL;
+
+ PROXY_CERT_INFO_EXTENSION_free(pci);
+ pci = NULL;
+@@ -1336,9 +1336,9 @@ globus_gsi_cred_get_policies(
+ sk_OPENSSL_STRING_pop_free(*policies, (void (*) (char *)) free);
+ }
+ *policies = NULL;
+-
++
+ exit:
+-
++
+ if(pci != NULL)
+ {
+ PROXY_CERT_INFO_EXTENSION_free(pci);
+@@ -1362,7 +1362,7 @@ globus_gsi_cred_get_policies(
+ * the stack of policies retrieved from the handle's cert chain
+ * @return
+ * GLOBUS_SUCCESS or an error object if an error occurred
+- */
++ */
+ globus_result_t
+ globus_gsi_cred_get_policy_languages(
+ globus_gsi_cred_handle_t handle,
+@@ -1419,7 +1419,7 @@ globus_gsi_cred_get_policy_languages(
+
+ if(pci == NULL || (policy = pci->proxyPolicy) == NULL)
+ {
+- /* no proxycertinfo extension, so no policy
++ /* no proxycertinfo extension, so no policy
+ * language for this cert */
+ policy_language = GLOBUS_NULL;
+ }
+@@ -1428,7 +1428,7 @@ globus_gsi_cred_get_policy_languages(
+ policy_language = policy->policyLanguage;
+ }
+
+- if(sk_ASN1_OBJECT_push(*policy_languages,
++ if(sk_ASN1_OBJECT_push(*policy_languages,
+ OBJ_dup(policy_language)) == 0)
+ {
+ GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(
+@@ -1454,9 +1454,9 @@ globus_gsi_cred_get_policy_languages(
+ }
+
+ *policy_languages = NULL;
+-
++
+ exit:
+-
++
+
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+ return result;
+@@ -1475,7 +1475,7 @@ globus_gsi_cred_get_policy_languages(
+ * @param issuer_name
+ * The issuer name as an X509_NAME object. This should be freed
+ * using X509_NAME_free when the user is finished with it
+- * @return
++ * @return
+ * GLOBUS_SUCCESS if no error, a error object id otherwise
+ */
+ globus_result_t
+@@ -1501,12 +1501,12 @@ globus_gsi_cred_get_X509_issuer_name(
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+- (_GCRSL("NULL issuer name parameter passed to function: %s"),
++ (_GCRSL("NULL issuer name parameter passed to function: %s"),
+ __func__));
+ goto error_exit;
+ }
+
+- if((*issuer_name =
++ if((*issuer_name =
+ X509_NAME_dup(X509_get_issuer_name(handle->cert))) == NULL)
+ {
+ GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(
+@@ -1567,9 +1567,9 @@ globus_gsi_cred_get_issuer_name(
+ (_GCRSL("NULL issuer name passed to function: %s"), __func__));
+ goto error_exit;
+ }
+-
++
+ /* TODO: This logic needs fixing. The issuer_name is passed up and is
+- freed by the caller - but it must be freed with OPENSSL_free(),
++ freed by the caller - but it must be freed with OPENSSL_free(),
+ not free() and the caller cant be expected to know that */
+ if((*issuer_name = X509_NAME_oneline(
+ X509_get_issuer_name(handle->cert), NULL, 0)) == NULL)
+@@ -1580,9 +1580,9 @@ globus_gsi_cred_get_issuer_name(
+ (_GCRSL("Couldn't get subject name of credential's cert")));
+ goto error_exit;
+ }
+-
++
+ result = GLOBUS_SUCCESS;
+-
++
+ error_exit:
+
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+@@ -1635,7 +1635,7 @@ globus_gsi_cred_get_identity_name(
+ }
+
+ result = globus_gsi_cred_get_X509_identity_name(handle, &identity);
+-
++
+ if(result != GLOBUS_SUCCESS)
+ {
+ GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(
+@@ -1645,7 +1645,7 @@ globus_gsi_cred_get_identity_name(
+ }
+
+ /* ToDo: This logic needs fixing. The identity_name is passed up and is
+- freed by the caller - but it must be freed with OPENSSL_free(),
++ freed by the caller - but it must be freed with OPENSSL_free(),
+ not free() and the caller cant be expected to know that */
+ *identity_name = X509_NAME_oneline(identity, NULL, 0);
+
+@@ -1656,7 +1656,7 @@ globus_gsi_cred_get_identity_name(
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED_CERT_NAME,
+ (_GCRSL("Unable to convert X509_NAME to string")));
+ }
+-
++
+ error_exit:
+
+ if(identity)
+@@ -1700,7 +1700,7 @@ globus_gsi_cred_verify_cert_chain(
+ globus_result_t result = GLOBUS_SUCCESS;
+
+ GLOBUS_I_GSI_CRED_DEBUG_ENTER;
+-
++
+ cert_store = X509_STORE_new();
+ if (cert_store == NULL)
+ {
+@@ -1710,7 +1710,7 @@ globus_gsi_cred_verify_cert_chain(
+ goto exit;
+ }
+
+- X509_STORE_set_verify_cb_func(cert_store,
++ X509_STORE_set_verify_cb_func(cert_store,
+ globus_gsi_callback_create_proxy_callback);
+ X509_STORE_set_depth(cert_store, GLOBUS_GSI_CALLBACK_VERIFY_DEPTH);
+
+@@ -1725,7 +1725,7 @@ globus_gsi_cred_verify_cert_chain(
+
+ tmp_cert = cred_handle->cert;
+ cert = tmp_cert;
+-
++
+ if (X509_STORE_load_locations(cert_store, NULL, cert_dir))
+ {
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+@@ -1746,17 +1746,17 @@ globus_gsi_cred_verify_cert_chain(
+
+ X509_STORE_CTX_set_ex_data(
+ store_context,
+- callback_data_index,
++ callback_data_index,
+ (void *)callback_data);
+-
++
+ /*
+ * If this is not set, OpenSSL-0.9.8 (check_chain_extensions()
+ * called by x509_verify_cert()) treats the cert next to proxy
+ * in the chain to be CA cert and throws invalid CA error
+- */
++ */
+
+ #if defined(X509_V_FLAG_ALLOW_PROXY_CERTS)
+- X509_STORE_CTX_set_flags(
++ X509_STORE_CTX_set_flags(
+ store_context, X509_V_FLAG_ALLOW_PROXY_CERTS);
+ #endif
+
+@@ -1783,7 +1783,7 @@ globus_gsi_cred_verify_cert_chain(
+ {
+ local_result = callback_error;
+ }
+-
++
+ result = globus_i_gsi_cred_error_join_chains_result(
+ result,
+ local_result);
+@@ -1791,7 +1791,7 @@ globus_gsi_cred_verify_cert_chain(
+ goto exit;
+ }
+ }
+-
++
+ exit:
+
+ if(cert_store)
+@@ -1852,8 +1852,8 @@ globus_gsi_cred_verify_cert_chain_when(
+ globus_result_t result = GLOBUS_SUCCESS;
+
+ GLOBUS_I_GSI_CRED_DEBUG_ENTER;
+-
+-
++
++
+ if(callback_data_in != NULL)
+ {
+ callback_data = callback_data_in;
+@@ -1861,7 +1861,7 @@ globus_gsi_cred_verify_cert_chain_when(
+ else
+ {
+ char * certdir = NULL;
+-
++
+ /* initialize the callback data */
+ result = globus_gsi_callback_data_init(&callback_data);
+ if(result != GLOBUS_SUCCESS)
+@@ -1869,8 +1869,8 @@ globus_gsi_cred_verify_cert_chain_when(
+ GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(
+ result, GLOBUS_GSI_CRED_ERROR_WITH_CALLBACK_DATA);
+ goto exit;
+- }
+-
++ }
++
+ /* set the cert_dir in the callback data */
+ result = GLOBUS_GSI_SYSCONFIG_GET_CERT_DIR(&certdir);
+ if(result != GLOBUS_SUCCESS)
+@@ -1882,7 +1882,7 @@ globus_gsi_cred_verify_cert_chain_when(
+ if(certdir)
+ {
+ result = globus_gsi_callback_set_cert_dir(
+- callback_data,
++ callback_data,
+ certdir);
+ free(certdir);
+ if(result != GLOBUS_SUCCESS)
+@@ -1893,7 +1893,7 @@ globus_gsi_cred_verify_cert_chain_when(
+ }
+ }
+ }
+-
++
+ cert_store = X509_STORE_new();
+ if(cert_store == NULL)
+ {
+@@ -1902,7 +1902,7 @@ globus_gsi_cred_verify_cert_chain_when(
+ goto exit;
+ }
+
+- X509_STORE_set_verify_cb_func(cert_store,
++ X509_STORE_set_verify_cb_func(cert_store,
+ globus_gsi_callback_create_proxy_callback);
+ X509_STORE_set_depth(cert_store, GLOBUS_GSI_CALLBACK_VERIFY_DEPTH);
+
+@@ -1917,7 +1917,7 @@ globus_gsi_cred_verify_cert_chain_when(
+
+ tmp_cert = cred_handle->cert;
+ cert = tmp_cert;
+-
++
+ if (X509_STORE_load_locations(cert_store, NULL, cert_dir))
+ {
+ /* override the check_issued with our version */
+@@ -1938,17 +1938,17 @@ globus_gsi_cred_verify_cert_chain_when(
+
+ X509_STORE_CTX_set_ex_data(
+ store_context,
+- callback_data_index,
++ callback_data_index,
+ (void *)callback_data);
+-
++
+ /*
+ * If this is not set, OpenSSL-0.9.8 (check_chain_extensions()
+ * called by x509_verify_cert()) treats the cert next to proxy
+ * in the chain to be CA cert and throws invalid CA error
+- */
++ */
+
+ #if defined(X509_V_FLAG_ALLOW_PROXY_CERTS)
+- X509_STORE_CTX_set_flags(
++ X509_STORE_CTX_set_flags(
+ store_context, X509_V_FLAG_ALLOW_PROXY_CERTS);
+ #endif
+
+@@ -1985,7 +1985,7 @@ globus_gsi_cred_verify_cert_chain_when(
+ {
+ local_result = callback_error;
+ }
+-
++
+ result = globus_i_gsi_cred_error_join_chains_result(
+ result,
+ local_result);
+@@ -1993,14 +1993,14 @@ globus_gsi_cred_verify_cert_chain_when(
+ goto exit;
+ }
+ }
+-
++
+ exit:
+
+ if(callback_data && !callback_data_in)
+ {
+ globus_gsi_callback_data_destroy(callback_data);
+ }
+-
++
+ if(cert_store)
+ {
+ X509_STORE_free(cert_store);
+@@ -2069,7 +2069,7 @@ globus_gsi_cred_verify(
+ (_GCRSL("Error getting public key from issuer certificate")));
+ goto error;
+ }
+-
++
+ if(!X509_verify(handle->cert,issuer_pkey))
+ {
+ GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(
+@@ -2081,7 +2081,7 @@ globus_gsi_cred_verify(
+ EVP_PKEY_free(issuer_pkey);
+
+ error:
+-
++
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+ return result;
+ }
+@@ -2124,11 +2124,11 @@ globus_i_gsi_cred_goodtill(
+ {
+ cert_count = sk_X509_num(cred_handle->cert_chain);
+ }
+-
++
+ while(current_cert)
+ {
+ result = globus_gsi_cert_utils_make_time(
+- X509_get_notAfter(current_cert),
++ X509_get_notAfter(current_cert),
+ &tmp_goodtill);
+ if(result != GLOBUS_SUCCESS)
+ {
+@@ -2142,7 +2142,7 @@ globus_i_gsi_cred_goodtill(
+ {
+ *goodtill = tmp_goodtill;
+ }
+-
++
+ if(cred_handle->cert_chain && cert_count)
+ {
+ cert_count--;
+diff --git a/gsi/credential/source/library/globus_gsi_credential.c b/gsi/credential/source/library/globus_gsi_credential.c
+index ee83d55ec..0735c9932 100644
+--- a/gsi/credential/source/library/globus_gsi_credential.c
++++ b/gsi/credential/source/library/globus_gsi_credential.c
+@@ -70,7 +70,7 @@ globus_l_gsi_credential_activate(void)
+ if(tmp_string != GLOBUS_NULL)
+ {
+ globus_i_gsi_cred_debug_level = atoi(tmp_string);
+-
++
+ if(globus_i_gsi_cred_debug_level < 0)
+ {
+ globus_i_gsi_cred_debug_level = 0;
+@@ -101,7 +101,7 @@ globus_l_gsi_credential_activate(void)
+ {
+ goto exit;
+ }
+-
++
+ result = globus_module_activate(GLOBUS_GSI_SYSCONFIG_MODULE);
+
+ if(result != GLOBUS_SUCCESS)
+@@ -115,11 +115,11 @@ globus_l_gsi_credential_activate(void)
+ {
+ goto exit;
+ }
+-
++
+ OpenSSL_add_all_algorithms();
+
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+-
++
+ exit:
+
+ return result;
+@@ -173,7 +173,7 @@ globus_l_gsi_cred_subject_cmp(
+ * @details
+ * Read a credential from a filesystem location. The credential
+ * to read will be determined by the search order specified in the handle
+- * attributes.
++ * attributes.
+ * @param handle
+ * The credential handle to set. This credential handle
+ * should already be initialized using globus_gsi_cred_handle_init.
+@@ -211,7 +211,7 @@ globus_gsi_cred_read(
+ char * key = NULL;
+ char * proxy = NULL;
+ char * service_name = NULL;
+-
++
+ GLOBUS_I_GSI_CRED_DEBUG_ENTER;
+
+ for(result_index = 0; result_index < 4; ++result_index)
+@@ -238,7 +238,7 @@ globus_gsi_cred_read(
+ case GLOBUS_PROXY:
+
+ results[result_index] = GLOBUS_GSI_SYSCONFIG_GET_PROXY_FILENAME(
+- &proxy,
++ &proxy,
+ GLOBUS_PROXY_FILE_INPUT);
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+@@ -248,7 +248,7 @@ globus_gsi_cred_read(
+ GLOBUS_GSI_CRED_ERROR_READING_PROXY_CRED);
+ break;
+ }
+-
++
+ results[result_index] = globus_gsi_cred_read_proxy(handle, proxy);
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+@@ -257,11 +257,11 @@ globus_gsi_cred_read(
+ GLOBUS_GSI_CRED_ERROR_READING_PROXY_CRED);
+ goto exit;
+ }
+-
++
+ if(desired_subject != NULL)
+ {
+ results[result_index] = globus_gsi_cred_get_X509_subject_name(
+- handle,
++ handle,
+ &found_subject);
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+@@ -275,8 +275,8 @@ globus_gsi_cred_read(
+ desired_subject);
+
+ X509_NAME_free(found_subject);
+- found_subject = NULL;
+-
++ found_subject = NULL;
++
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+ GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(
+@@ -296,15 +296,15 @@ globus_gsi_cred_read(
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED);
+ goto exit;
+ }
+-
++
+ if(lifetime <= 0)
+ {
+ char * subject = NULL;
+-
++
+ subject = X509_NAME_oneline(
+ X509_get_subject_name(handle->cert),
+ NULL, 0);
+-
++
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ results[result_index],
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+@@ -313,18 +313,18 @@ globus_gsi_cred_read(
+ proxy,
+ subject,
+ (-lifetime)/60));
+-
++
+ OPENSSL_free(subject);
+ goto exit;
+ }
+ GLOBUS_I_GSI_CRED_DEBUG_FPRINTF(1, (globus_i_gsi_cred_debug_fstream,
+- "Using Proxy file (%s)\n", proxy));
++ "Using Proxy file (%s)\n", proxy));
+
+ goto exit;
+
+ case GLOBUS_USER:
+-
+- results[result_index] =
++
++ results[result_index] =
+ GLOBUS_GSI_SYSCONFIG_GET_USER_CERT_FILENAME(&cert, &key);
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+@@ -334,7 +334,7 @@ globus_gsi_cred_read(
+ results[result_index],
+ GLOBUS_GSI_CRED_ERROR_READING_CRED);
+ break;
+- }
++ }
+
+ results[result_index] = globus_gsi_cred_read_cert(handle, cert);
+ if(results[result_index] != GLOBUS_SUCCESS)
+@@ -346,14 +346,14 @@ globus_gsi_cred_read(
+ }
+
+ results[result_index] = globus_gsi_cred_read_key(
+- handle,
+- key,
++ handle,
++ key,
+ globus_i_gsi_cred_password_callback_no_prompt);
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+ globus_object_t * error_obj;
+ error_obj = globus_error_peek(results[result_index]);
+- if(globus_error_get_type(error_obj) ==
++ if(globus_error_get_type(error_obj) ==
+ GLOBUS_GSI_CRED_ERROR_KEY_IS_PASS_PROTECTED)
+ {
+ GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(
+@@ -382,7 +382,7 @@ globus_gsi_cred_read(
+ if(desired_subject != NULL)
+ {
+ results[result_index] = globus_gsi_cred_get_X509_subject_name(
+- handle,
++ handle,
+ &found_subject);
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+@@ -391,14 +391,14 @@ globus_gsi_cred_read(
+ GLOBUS_GSI_CRED_ERROR_READING_CRED);
+ goto exit;
+ }
+-
++
+ results[result_index] = globus_l_gsi_cred_subject_cmp(
+ found_subject,
+ desired_subject);
+
+ X509_NAME_free(found_subject);
+ found_subject = NULL;
+-
++
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+ GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(
+@@ -418,15 +418,15 @@ globus_gsi_cred_read(
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED);
+ goto exit;
+ }
+-
++
+ if(lifetime <= 0)
+ {
+ char * subject = NULL;
+-
++
+ subject = X509_NAME_oneline(
+ X509_get_subject_name(handle->cert),
+ NULL, 0);
+-
++
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ results[result_index],
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+@@ -435,18 +435,18 @@ globus_gsi_cred_read(
+ cert,
+ subject,
+ (-lifetime)/60));
+-
++
+ OPENSSL_free(subject);
+ goto exit;
+ }
+
+ GLOBUS_I_GSI_CRED_DEBUG_FPRINTF(1, (globus_i_gsi_cred_debug_fstream,
+- "Using User cert file (%s), key file (%s)\n", cert, key));
++ "Using User cert file (%s), key file (%s)\n", cert, key));
+ goto exit;
+
+ case GLOBUS_HOST:
+-
+- results[result_index] =
++
++ results[result_index] =
+ GLOBUS_GSI_SYSCONFIG_GET_HOST_CERT_FILENAME(&cert, &key);
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+@@ -456,7 +456,7 @@ globus_gsi_cred_read(
+ results[result_index],
+ GLOBUS_GSI_CRED_ERROR_READING_HOST_CRED);
+ break;
+- }
++ }
+
+ results[result_index] = globus_gsi_cred_read_cert(handle, cert);
+ if(results[result_index] != GLOBUS_SUCCESS)
+@@ -468,14 +468,14 @@ globus_gsi_cred_read(
+ }
+
+ results[result_index] = globus_gsi_cred_read_key(
+- handle,
+- key,
++ handle,
++ key,
+ globus_i_gsi_cred_password_callback_no_prompt);
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+ globus_object_t * error_obj;
+ error_obj = globus_error_peek(results[result_index]);
+- if(globus_error_get_type(error_obj) ==
++ if(globus_error_get_type(error_obj) ==
+ GLOBUS_GSI_CRED_ERROR_KEY_IS_PASS_PROTECTED)
+ {
+ GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(
+@@ -504,9 +504,9 @@ globus_gsi_cred_read(
+ if(desired_subject != NULL)
+ {
+ results[result_index] = globus_gsi_cred_get_X509_subject_name(
+- handle,
++ handle,
+ &found_subject);
+-
++
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+ GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(
+@@ -514,13 +514,13 @@ globus_gsi_cred_read(
+ GLOBUS_GSI_CRED_ERROR_READING_HOST_CRED);
+ goto exit;
+ }
+-
++
+ results[result_index] = globus_l_gsi_cred_subject_cmp(found_subject,
+ desired_subject);
+
+ X509_NAME_free(found_subject);
+- found_subject = NULL;
+-
++ found_subject = NULL;
++
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+ GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(
+@@ -529,7 +529,7 @@ globus_gsi_cred_read(
+ goto exit;
+ }
+ }
+-
++
+ results[result_index] = globus_gsi_cred_get_lifetime(
+ handle,
+ &lifetime);
+@@ -540,15 +540,15 @@ globus_gsi_cred_read(
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED);
+ goto exit;
+ }
+-
++
+ if(lifetime <= 0)
+ {
+ char * subject = NULL;
+-
++
+ subject = X509_NAME_oneline(
+ X509_get_subject_name(handle->cert),
+ NULL, 0);
+-
++
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ results[result_index],
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+@@ -557,23 +557,23 @@ globus_gsi_cred_read(
+ cert,
+ subject,
+ (-lifetime)/60));
+-
++
+ OPENSSL_free(subject);
+ goto exit;
+ }
+
+ GLOBUS_I_GSI_CRED_DEBUG_FPRINTF(1, (globus_i_gsi_cred_debug_fstream,
+- "Using Host cert file (%s), key file (%s)\n", cert, key));
++ "Using Host cert file (%s), key file (%s)\n", cert, key));
+ goto exit;
+-
++
+ case GLOBUS_SERVICE:
+
+ if(desired_subject != NULL)
+- {
++ {
+ results[result_index] =
+ globus_l_gsi_cred_get_service(desired_subject,
+ &service_name);
+-
++
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+ service_name = NULL;
+@@ -581,9 +581,9 @@ globus_gsi_cred_read(
+ results[result_index],
+ GLOBUS_GSI_CRED_ERROR_READING_SERVICE_CRED);
+ break;
+- }
+-
+- results[result_index] =
++ }
++
++ results[result_index] =
+ GLOBUS_GSI_SYSCONFIG_GET_SERVICE_CERT_FILENAME(
+ service_name, &cert, &key);
+ if(results[result_index] != GLOBUS_SUCCESS)
+@@ -594,9 +594,9 @@ globus_gsi_cred_read(
+ results[result_index],
+ GLOBUS_GSI_CRED_ERROR_READING_SERVICE_CRED);
+ break;
+- }
++ }
+
+- results[result_index] =
++ results[result_index] =
+ globus_gsi_cred_read_cert(handle, cert);
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+@@ -605,16 +605,16 @@ globus_gsi_cred_read(
+ GLOBUS_GSI_CRED_ERROR_READING_SERVICE_CRED);
+ goto exit;
+ }
+-
++
+ results[result_index] = globus_gsi_cred_read_key(
+- handle,
+- key,
++ handle,
++ key,
+ globus_i_gsi_cred_password_callback_no_prompt);
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+ globus_object_t * error_obj;
+ error_obj = globus_error_peek(results[result_index]);
+- if(globus_error_get_type(error_obj) ==
++ if(globus_error_get_type(error_obj) ==
+ GLOBUS_GSI_CRED_ERROR_KEY_IS_PASS_PROTECTED)
+ {
+ GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(
+@@ -628,7 +628,7 @@ globus_gsi_cred_read(
+ GLOBUS_GSI_CRED_ERROR_READING_SERVICE_CRED);
+ goto exit;
+ }
+-
++
+ results[result_index] = globus_i_gsi_cred_goodtill(
+ handle,
+ &(handle->goodtill));
+@@ -643,7 +643,7 @@ globus_gsi_cred_read(
+ if(desired_subject != NULL)
+ {
+ results[result_index] = globus_gsi_cred_get_X509_subject_name(
+- handle,
++ handle,
+ &found_subject);
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+@@ -652,13 +652,13 @@ globus_gsi_cred_read(
+ GLOBUS_GSI_CRED_ERROR_READING_SERVICE_CRED);
+ goto exit;
+ }
+-
++
+ results[result_index] = globus_l_gsi_cred_subject_cmp(found_subject,
+ desired_subject);
+
+ X509_NAME_free(found_subject);
+- found_subject = NULL;
+-
++ found_subject = NULL;
++
+ if(results[result_index] != GLOBUS_SUCCESS)
+ {
+ GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(
+@@ -667,7 +667,7 @@ globus_gsi_cred_read(
+ break;
+ }
+ }
+-
++
+ results[result_index] = globus_gsi_cred_get_lifetime(
+ handle,
+ &lifetime);
+@@ -678,15 +678,15 @@ globus_gsi_cred_read(
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED);
+ goto exit;
+ }
+-
++
+ if(lifetime <= 0)
+ {
+ char * subject = NULL;
+-
++
+ subject = X509_NAME_oneline(
+ X509_get_subject_name(handle->cert),
+ NULL, 0);
+-
++
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ results[result_index],
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+@@ -695,13 +695,13 @@ globus_gsi_cred_read(
+ cert,
+ subject,
+ (-lifetime)/60));
+-
++
+ OPENSSL_free(subject);
+ goto exit;
+ }
+
+ GLOBUS_I_GSI_CRED_DEBUG_FPRINTF(1, (globus_i_gsi_cred_debug_fstream,
+- "Using Service cert file (%s), key file (%s)\n", cert, key));
++ "Using Service cert file (%s), key file (%s)\n", cert, key));
+ goto exit;
+ }
+ else
+@@ -709,17 +709,17 @@ globus_gsi_cred_read(
+ result_index--;
+ break;
+ }
+-
++
+ case GLOBUS_SO_END:
+ {
+ globus_object_t * multiple_obj;
+-
++
+ multiple_obj = globus_error_construct_multiple(
+ GLOBUS_GSI_CREDENTIAL_MODULE,
+ GLOBUS_GSI_CRED_ERROR_NO_CRED_FOUND,
+ _GCRSL(globus_l_gsi_cred_error_strings[
+ GLOBUS_GSI_CRED_ERROR_NO_CRED_FOUND]));
+-
++
+ while(result_index--)
+ {
+ globus_error_mutliple_add_chain(
+@@ -728,11 +728,11 @@ globus_gsi_cred_read(
+ _GCRSL("Attempt %d"),
+ result_index + 1);
+ }
+-
++
+ result_index = 0;
+ results[result_index] = globus_error_put(multiple_obj);
+ }
+-
++
+ GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(
+ results[result_index],
+ GLOBUS_GSI_CRED_ERROR_NO_CRED_FOUND);
+@@ -744,28 +744,28 @@ globus_gsi_cred_read(
+ free(proxy);
+ proxy = NULL;
+ }
+-
++
+ if(cert)
+ {
+ free(cert);
+ cert = NULL;
+ }
+-
++
+ if(key)
+ {
+ free(key);
+ key = NULL;
+ }
+-
++
+ if(service_name)
+ {
+ free(service_name);
+ service_name = NULL;
+ }
+-
++
+ result_index++;
+ } while(++index);
+-
++
+ exit:
+
+ result = results[result_index];
+@@ -783,7 +783,7 @@ globus_gsi_cred_read(
+ {
+ free(proxy);
+ }
+-
++
+ if(cert)
+ {
+ free(cert);
+@@ -793,7 +793,7 @@ globus_gsi_cred_read(
+ {
+ free(key);
+ }
+-
++
+ if(service_name)
+ {
+ free(service_name);
+@@ -826,7 +826,7 @@ globus_gsi_cred_read_proxy(
+ {
+ BIO * proxy_bio = NULL;
+ globus_result_t result;
+-
++
+ GLOBUS_I_GSI_CRED_DEBUG_ENTER;
+
+ if(handle == NULL)
+@@ -874,10 +874,10 @@ globus_gsi_cred_read_proxy(
+ * @brief Read proxy credential from a BIO
+ * @ingroup globus_gsi_cred_operations
+ * @details
+- * Read a Proxy Credential from a BIO stream and set the
++ * Read a Proxy Credential from a BIO stream and set the
+ * credential handle to represent the read credential.
+ * The values read from the stream, in order, will be
+- * the signed certificate, the private key,
++ * the signed certificate, the private key,
+ * and the certificate chain.
+ *
+ * @param handle
+@@ -1118,7 +1118,7 @@ globus_gsi_cred_read_proxy_bio(
+ * @param key_filename
+ * the filename of the key to read
+ * @param pw_cb
+- * the callback for obtaining a password for decrypting the key.
++ * the callback for obtaining a password for decrypting the key.
+ *
+ * @return
+ * GLOBUS_SUCCESS or an error object identifier
+@@ -1152,7 +1152,7 @@ globus_gsi_cred_read_key(
+ "key file: %s for reading"), key_filename));
+ goto exit;
+ }
+-
++
+ /* read in the key */
+
+ if(handle->key != NULL)
+@@ -1294,7 +1294,7 @@ globus_gsi_cred_read_cert_bio(
+ }
+
+ /* read in the cert */
+-
++
+ if(handle->cert != NULL)
+ {
+ X509_free(handle->cert);
+@@ -1314,7 +1314,7 @@ globus_gsi_cred_read_cert_bio(
+ {
+ sk_X509_pop_free(handle->cert_chain, X509_free);
+ }
+-
++
+ if((handle->cert_chain = sk_X509_new_null()) == NULL)
+ {
+ GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(
+@@ -1323,7 +1323,7 @@ globus_gsi_cred_read_cert_bio(
+ (_GCRSL("Can't initialize cert chain\n")));
+ goto exit;
+ }
+-
++
+ while(!BIO_eof(bio))
+ {
+ X509 * tmp_cert = NULL;
+@@ -1346,7 +1346,7 @@ globus_gsi_cred_read_cert_bio(
+ }
+ ++i;
+ }
+-
++
+ result = globus_i_gsi_cred_goodtill(handle, &(handle->goodtill));
+
+ if(result != GLOBUS_SUCCESS)
+@@ -1356,7 +1356,7 @@ globus_gsi_cred_read_cert_bio(
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED);
+ goto exit;
+ }
+-
++
+ result = GLOBUS_SUCCESS;
+
+ exit:
+@@ -1415,19 +1415,19 @@ globus_gsi_cred_read_cert_buffer(
+ bp = BIO_new(BIO_s_mem());
+
+ BIO_write(bp, pem_buf, strlen(pem_buf));
+-
++
+ result = globus_gsi_cred_handle_init(&handle, NULL);
+ if(result != GLOBUS_SUCCESS)
+ {
+ goto error;
+ }
+-
++
+ result = globus_gsi_cred_read_cert_bio(handle, bp);
+ if(result != GLOBUS_SUCCESS)
+ {
+ goto error;
+ }
+-
++
+ if(out_cert)
+ {
+ result = globus_gsi_cred_get_cert(handle, &cert);
+@@ -1437,7 +1437,7 @@ globus_gsi_cred_read_cert_buffer(
+ }
+ *out_cert = cert;
+ }
+-
++
+ if(out_cert_chain)
+ {
+ result = globus_gsi_cred_get_cert_chain(handle, &cert_chain);
+@@ -1447,7 +1447,7 @@ globus_gsi_cred_read_cert_buffer(
+ }
+ *out_cert_chain = cert_chain;
+ }
+-
++
+ if(out_subject)
+ {
+ result = globus_gsi_cred_get_identity_name(handle, &subject);
+@@ -1455,9 +1455,9 @@ globus_gsi_cred_read_cert_buffer(
+ {
+ goto error;
+ }
+- *out_subject = subject;
++ *out_subject = subject;
+ }
+-
++
+ if(out_handle)
+ {
+ *out_handle = handle;
+@@ -1466,11 +1466,11 @@ globus_gsi_cred_read_cert_buffer(
+ {
+ globus_gsi_cred_handle_destroy(handle);
+ }
+-
++
+ BIO_free(bp);
+
+ return GLOBUS_SUCCESS;
+-
++
+ error:
+ if(bp)
+ {
+@@ -1495,7 +1495,7 @@ error:
+ {
+ globus_gsi_cred_handle_destroy(handle);
+ }
+-
++
+ return result;
+ }
+ /* globus_gsi_cred_read_cert_buffer() */
+@@ -1542,7 +1542,7 @@ globus_gsi_cred_read_pkcs12(
+ (_GCRSL("NULL handle passed to function: %s"), __func__));
+ goto exit;
+ }
+-
++
+ pkcs12_bio = BIO_new_file(pkcs12_filename, "r");
+ if(!pkcs12_bio)
+ {
+@@ -1575,7 +1575,7 @@ globus_gsi_cred_read_pkcs12(
+ }
+
+ auth_safes = PKCS12_unpack_authsafes(pkcs12);
+-
++
+ if(!auth_safes)
+ {
+ GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(
+@@ -1586,13 +1586,13 @@ globus_gsi_cred_read_pkcs12(
+ }
+
+ pkcs12_certs = sk_X509_new_null();
+-
++
+ for (i = 0; i < sk_PKCS7_num(auth_safes); i++)
+ {
+ pkcs7 = sk_PKCS7_value(auth_safes, i);
+-
++
+ bag_NID = OBJ_obj2nid(pkcs7->type);
+-
++
+ if(bag_NID == NID_pkcs7_data)
+ {
+ pkcs12_safebags = PKCS12_unpack_p7data(pkcs7);
+@@ -1624,11 +1624,11 @@ globus_gsi_cred_read_pkcs12(
+ for (j = 0; j < sk_PKCS12_SAFEBAG_num(pkcs12_safebags); j++)
+ {
+ bag = sk_PKCS12_SAFEBAG_value(pkcs12_safebags, j);
+-
++
+ if(PKCS12_bag_type(bag) == NID_certBag &&
+ PKCS12_cert_bag_type(bag) == NID_x509Certificate)
+ {
+- sk_X509_push(pkcs12_certs,
++ sk_X509_push(pkcs12_certs,
+ PKCS12_certbag2x509(bag));
+ }
+ else if(PKCS12_bag_type(bag) == NID_keyBag &&
+@@ -1646,7 +1646,7 @@ globus_gsi_cred_read_pkcs12(
+ goto exit;
+ }
+ }
+- else if(PKCS12_bag_type(bag) ==
++ else if(PKCS12_bag_type(bag) ==
+ NID_pkcs8ShroudedKeyBag &&
+ handle->key == NULL)
+ {
+@@ -1661,7 +1661,7 @@ globus_gsi_cred_read_pkcs12(
+ (_GCRSL("Couldn't get PKCS8 key from PKCS12 credential")));
+ goto exit;
+ }
+-
++
+ handle->key = EVP_PKCS82PKEY(pkcs8);
+ if (!handle->key)
+ {
+@@ -1671,7 +1671,7 @@ globus_gsi_cred_read_pkcs12(
+ (_GCRSL("Couldn't get private key from PKCS12 credential")));
+ goto exit;
+ }
+-
++
+ PKCS8_PRIV_KEY_INFO_free(pkcs8);
+ }
+ }
+@@ -1687,12 +1687,12 @@ globus_gsi_cred_read_pkcs12(
+ goto exit;
+ }
+
+- j = sk_X509_num(pkcs12_certs);
++ j = sk_X509_num(pkcs12_certs);
+ for(i = 0 ; i < j; i++)
+ {
+ handle->cert = sk_X509_pop(pkcs12_certs);
+
+- if(X509_check_private_key(handle->cert, handle->key))
++ if(X509_check_private_key(handle->cert, handle->key))
+ {
+ sk_X509_pop_free(pkcs12_certs, X509_free);
+ pkcs12_certs = NULL;
+@@ -1752,7 +1752,7 @@ globus_gsi_cred_read_pkcs12(
+ * Write out a credential to a BIO. The credential parameters written,
+ * in order, are the signed certificate, the RSA private key,
+ * and the certificate chain (a set of X509 certificates).
+- * the credential is written out in PEM format.
++ * the credential is written out in PEM format.
+ *
+ * @param handle
+ * The credential to write out
+@@ -1780,7 +1780,7 @@ globus_gsi_cred_write(
+ (_GCRSL("NULL handle passed to function: %s"), __func__));
+ goto error_exit;
+ }
+-
++
+ if(bio == NULL)
+ {
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+@@ -1789,7 +1789,7 @@ globus_gsi_cred_write(
+ (_GCRSL("NULL bio variable passed to function: %s"), __func__));
+ goto error_exit;
+ }
+-
++
+ if(!PEM_write_bio_X509(bio, handle->cert))
+ {
+ GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(
+@@ -1798,7 +1798,7 @@ globus_gsi_cred_write(
+ (_GCRSL("Can't write PEM formatted X509 cert to BIO stream")));
+ goto error_exit;
+ }
+-
++
+ if(!PEM_write_bio_PrivateKey(bio, handle->key,
+ NULL, NULL, 0, NULL, NULL))
+ {
+@@ -1808,7 +1808,7 @@ globus_gsi_cred_write(
+ (_GCRSL("Can't write PEM formatted private key to BIO stream")));
+ goto error_exit;
+ }
+-
++
+ for(i = 0; i < sk_X509_num(handle->cert_chain); ++i)
+ {
+ if(!PEM_write_bio_X509(bio, sk_X509_value(handle->cert_chain, i)))
+@@ -1821,14 +1821,14 @@ globus_gsi_cred_write(
+ goto error_exit;
+ }
+ }
+-
++
+ error_exit:
+
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+ return result;
+-}
++}
+ /* globus_gsi_cred_write() */
+-
++
+ /**
+ * @brief Write a proxy credential
+ * @ingroup globus_gsi_cred_operations
+@@ -1836,7 +1836,7 @@ globus_gsi_cred_write(
+ * Write out a credential to a file. The credential parameters written,
+ * in order, are the signed certificate, the RSA private key,
+ * and the certificate chain (a set of X509 certificates).
+- * the credential is written out in PEM format.
++ * the credential is written out in PEM format.
+ *
+ * @param handle
+ * The credential to write out
+@@ -1856,7 +1856,7 @@ globus_gsi_cred_write_proxy(
+ mode_t oldmask;
+ FILE * temp_proxy_fp = NULL;
+ int temp_proxy_fd = -1;
+-
++
+ GLOBUS_I_GSI_CRED_DEBUG_ENTER;
+
+ /*
+@@ -1873,10 +1873,10 @@ globus_gsi_cred_write_proxy(
+ goto exit;
+ }
+
+- /*
++ /*
+ * We always unlink the file first; it is the only way to be
+ * certain that the file we open has never in its entire lifetime
+- * had the world-readable bit set.
++ * had the world-readable bit set.
+ */
+ #if _WIN32
+ /* Win32 API won't allow removing a read-only file */
+@@ -1884,8 +1884,8 @@ globus_gsi_cred_write_proxy(
+ #endif
+ temp_proxy_fd = remove(proxy_filename);
+
+- /*
+- * Now, we must open w/ O_EXCL to make certain that WE are
++ /*
++ * Now, we must open w/ O_EXCL to make certain that WE are
+ * creating the file, so we know that the file was BORN w/ mode 0600.
+ * As a bonus, O_EXCL flag will cause a failure in the presence
+ * of a symlink, so we are safe from zaping a file due to the
+@@ -1904,18 +1904,18 @@ globus_gsi_cred_write_proxy(
+ temp_proxy_fp = fdopen(temp_proxy_fd,"w");
+
+ /* Hand the stream over to ssl */
+- if( !(temp_proxy_fp) ||
++ if( !(temp_proxy_fp) ||
+ !(proxy_bio = BIO_new_fp(temp_proxy_fp, BIO_CLOSE)))
+ {
+ GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_WRITING_PROXY_CRED,
+ (_GCRSL("Can't open bio stream for writing to file: %s"), proxy_filename));
+- if ( temp_proxy_fp )
++ if ( temp_proxy_fp )
+ {
+ fclose(temp_proxy_fp);
+- }
+- else if (temp_proxy_fd >= 0 )
++ }
++ else if (temp_proxy_fd >= 0 )
+ {
+ /* close underlying fd if we do not have a stream */
+ close(temp_proxy_fd);
+@@ -1924,7 +1924,7 @@ globus_gsi_cred_write_proxy(
+ goto exit;
+ }
+
+- /*
++ /*
+ * Note: at this point, calling BIO_free(proxy_bio) will
+ * fclose the temp_proxy_fp, which in turn should close temp_proxy_fd.
+ */
+@@ -1957,7 +1957,7 @@ globus_gsi_cred_write_proxy(
+ globus_libc_umask(oldmask);
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+ return result;
+-}
++}
+ /* globus_gsi_cred_write_proxy() */
+
+ /**
+@@ -1983,7 +1983,7 @@ globus_gsi_cred_get_cert_type(
+ globus_result_t result;
+
+ GLOBUS_I_GSI_CRED_DEBUG_ENTER;
+-
++
+ result = globus_gsi_cert_utils_get_cert_type(handle->cert, type);
+ if(result != GLOBUS_SUCCESS)
+ {
+@@ -2048,7 +2048,7 @@ globus_i_gsi_cred_get_proxycertinfo(
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_WITH_CRED,
+- (_GCRSL("NULL X509 cert parameter passed to function: %s"),
++ (_GCRSL("NULL X509 cert parameter passed to function: %s"),
+ __func__));
+ goto exit;
+ }
+@@ -2061,7 +2061,7 @@ globus_i_gsi_cred_get_proxycertinfo(
+ goto exit;
+ }
+
+- if((pci_extension = X509_get_ext(cert,
++ if((pci_extension = X509_get_ext(cert,
+ extension_loc)) == NULL)
+ {
+ GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(
+@@ -2081,9 +2081,9 @@ globus_i_gsi_cred_get_proxycertinfo(
+ "extension to internal form")));
+ goto exit;
+ }
+-
++
+ exit:
+-
++
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+ return result;
+ }
+@@ -2125,16 +2125,16 @@ globus_l_gsi_cred_subject_cmp(
+
+ GLOBUS_I_GSI_CRED_DEBUG_ENTER;
+
+-
++
+ /* if desired subject is NULL return success */
+-
++
+ if(!desired_subject)
+ {
+ goto exit;
+ }
+
+ /* check for single /CN entry */
+-
++
+ if(X509_NAME_entry_count(desired_subject) == 1)
+ {
+ /* make sure we actually got a common name */
+@@ -2156,7 +2156,7 @@ globus_l_gsi_cred_subject_cmp(
+ cn_index = X509_NAME_get_index_by_NID(actual_subject, NID_commonName, -1);
+
+ /* error if no common name was found */
+-
++
+ if(cn_index < 0)
+ {
+ actual_str = X509_NAME_oneline(actual_subject, NULL, 0);
+@@ -2168,7 +2168,7 @@ globus_l_gsi_cred_subject_cmp(
+ }
+
+ /* check that actual subject only has one CN entry */
+-
++
+ if(X509_NAME_get_index_by_NID(actual_subject, NID_commonName, cn_index) != -1)
+ {
+ actual_str = X509_NAME_oneline(actual_subject, NULL, 0);
+@@ -2183,7 +2183,7 @@ globus_l_gsi_cred_subject_cmp(
+
+ length = X509_NAME_get_text_by_NID(desired_subject, NID_commonName,
+ NULL, 1024) + 1;
+-
++
+ desired_cn = malloc(length);
+
+ X509_NAME_get_text_by_NID(desired_subject, NID_commonName,
+@@ -2193,7 +2193,7 @@ globus_l_gsi_cred_subject_cmp(
+
+ length = X509_NAME_get_text_by_NID(actual_subject, NID_commonName,
+ NULL, 1024) + 1;
+-
++
+ actual_cn = malloc(length);
+
+ X509_NAME_get_text_by_NID(actual_subject, NID_commonName,
+@@ -2219,7 +2219,7 @@ globus_l_gsi_cred_subject_cmp(
+ actual_service = actual_cn;
+ actual_host++;
+ }
+-
++
+ desired_host = strchr(desired_cn,'/');
+
+ if(desired_host == NULL)
+@@ -2233,7 +2233,7 @@ globus_l_gsi_cred_subject_cmp(
+ desired_service = desired_cn;
+ desired_host++;
+ }
+-
++
+ if(desired_service == NULL &&
+ actual_service == NULL)
+ {
+@@ -2258,7 +2258,7 @@ globus_l_gsi_cred_subject_cmp(
+ {
+ actual_str = X509_NAME_oneline(actual_subject, NULL, 0);
+ desired_str = X509_NAME_oneline(desired_subject, NULL, 0);
+-
++
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_SUBJECT_CMP,
+@@ -2269,7 +2269,7 @@ globus_l_gsi_cred_subject_cmp(
+ desired_str,
+ actual_str));
+ }
+-
++
+ goto exit;
+ }
+ else if(actual_service == NULL)
+@@ -2278,7 +2278,7 @@ globus_l_gsi_cred_subject_cmp(
+ {
+ actual_str = X509_NAME_oneline(actual_subject, NULL, 0);
+ desired_str = X509_NAME_oneline(desired_subject, NULL, 0);
+-
++
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_SUBJECT_CMP,
+@@ -2289,8 +2289,8 @@ globus_l_gsi_cred_subject_cmp(
+ desired_str,
+ actual_str));
+ }
+-
+- goto exit;
++
++ goto exit;
+ }
+ else
+ {
+@@ -2298,7 +2298,7 @@ globus_l_gsi_cred_subject_cmp(
+ {
+ actual_str = X509_NAME_oneline(actual_subject, NULL, 0);
+ desired_str = X509_NAME_oneline(desired_subject, NULL, 0);
+-
++
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_SUBJECT_CMP,
+@@ -2309,7 +2309,7 @@ globus_l_gsi_cred_subject_cmp(
+ desired_str,
+ actual_str));
+ }
+-
++
+ goto exit;
+
+ }
+@@ -2322,7 +2322,7 @@ globus_l_gsi_cred_subject_cmp(
+ {
+ actual_str = X509_NAME_oneline(actual_subject, NULL, 0);
+ desired_str = X509_NAME_oneline(desired_subject, NULL, 0);
+-
++
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_SUBJECT_CMP,
+@@ -2335,7 +2335,7 @@ globus_l_gsi_cred_subject_cmp(
+ }
+ goto exit;
+ }
+-
++
+ exit:
+
+ if(actual_cn)
+@@ -2347,7 +2347,7 @@ globus_l_gsi_cred_subject_cmp(
+ {
+ free(desired_cn);
+ }
+-
++
+ if(actual_str)
+ {
+ OPENSSL_free(actual_str);
+@@ -2359,7 +2359,7 @@ globus_l_gsi_cred_subject_cmp(
+ }
+
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+-
++
+ return result;
+ }
+
+@@ -2378,9 +2378,9 @@ globus_l_gsi_cred_get_service(
+ GLOBUS_I_GSI_CRED_DEBUG_ENTER;
+
+ *service = NULL;
+-
++
+ /* if desired subject is NULL return success */
+-
++
+ if(!subject)
+ {
+ goto exit;
+@@ -2391,7 +2391,7 @@ globus_l_gsi_cred_get_service(
+ cn_index = X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
+
+ /* error if no common name was found */
+-
++
+ if(cn_index < 0)
+ {
+ subject_str = X509_NAME_oneline(subject, NULL, 0);
+@@ -2403,7 +2403,7 @@ globus_l_gsi_cred_get_service(
+ }
+
+ /* check that subject only has one CN entry */
+-
++
+ if(X509_NAME_get_index_by_NID(subject, NID_commonName, cn_index) != -1)
+ {
+ subject_str = X509_NAME_oneline(subject, NULL, 0);
+@@ -2418,12 +2418,12 @@ globus_l_gsi_cred_get_service(
+
+ length = X509_NAME_get_text_by_NID(subject, NID_commonName,
+ NULL, 1024) + 1;
+-
++
+ cn = malloc(length);
+-
++
+ X509_NAME_get_text_by_NID(subject, NID_commonName,
+ cn, length);
+-
++
+ host = strchr(cn,'/');
+
+ if(host == NULL)
+@@ -2455,9 +2455,9 @@ globus_l_gsi_cred_get_service(
+ GLOBUS_GSI_CRED_ERROR_RESULT(
+ result,
+ GLOBUS_GSI_CRED_ERROR_GETTING_SERVICE_NAME,
+- (_GCRSL("No service name found in subject %s.\n"), subject_str));
++ (_GCRSL("No service name found in subject %s.\n"), subject_str));
+ }
+-
++
+ goto exit;
+
+ exit:
+@@ -2473,7 +2473,7 @@ globus_l_gsi_cred_get_service(
+ }
+
+ GLOBUS_I_GSI_CRED_DEBUG_EXIT;
+-
++
+ return result;
+ }
+
+--
+2.54.0
+
diff --git a/0002-Build-with-OpenSSL-4.patch b/0002-Build-with-OpenSSL-4.patch
new file mode 100644
index 0000000..fc081d7
--- /dev/null
+++ b/0002-Build-with-OpenSSL-4.patch
@@ -0,0 +1,72 @@
+From 24375b8503d2a4373600b14d03700b697415737b Mon Sep 17 00:00:00 2001
+From: Mattias Ellert <mattias.ellert@physics.uu.se>
+Date: Wed, 20 May 2026 00:15:37 +0200
+Subject: [PATCH 2/2] Build with OpenSSL 4
+
+---
+ .../source/library/globus_gsi_cred_handle.c | 2 +-
+ .../source/library/globus_gsi_credential.c | 13 +++++++++----
+ 2 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/gsi/credential/source/library/globus_gsi_cred_handle.c b/gsi/credential/source/library/globus_gsi_cred_handle.c
+index cf3dc2a18..8c96f40b2 100644
+--- a/gsi/credential/source/library/globus_gsi_cred_handle.c
++++ b/gsi/credential/source/library/globus_gsi_cred_handle.c
+@@ -1278,7 +1278,7 @@ globus_gsi_cred_get_policies(
+ goto exit;
+ }
+ memcpy(policy_string,
+- ASN1_STRING_data(policy->policy),
++ ASN1_STRING_get0_data(policy->policy),
+ policy_string_length);
+
+ }
+diff --git a/gsi/credential/source/library/globus_gsi_credential.c b/gsi/credential/source/library/globus_gsi_credential.c
+index 0735c9932..319c7a7a9 100644
+--- a/gsi/credential/source/library/globus_gsi_credential.c
++++ b/gsi/credential/source/library/globus_gsi_credential.c
+@@ -1529,6 +1529,7 @@ globus_gsi_cred_read_pkcs12(
+ PKCS7 * pkcs7 = NULL;
+ STACK_OF(PKCS7) * auth_safes = NULL;
+ PKCS8_PRIV_KEY_INFO * pkcs8 = NULL;
++ const PKCS8_PRIV_KEY_INFO * pkcs8c = NULL;
+ BIO * pkcs12_bio = NULL;
+ int i, j, bag_NID;
+
+@@ -1634,8 +1635,8 @@ globus_gsi_cred_read_pkcs12(
+ else if(PKCS12_bag_type(bag) == NID_keyBag &&
+ handle->key == NULL)
+ {
+- pkcs8 = PKCS12_SAFEBAG_get0_p8inf(bag);
+- handle->key = EVP_PKCS82PKEY(pkcs8);
++ pkcs8c = PKCS12_SAFEBAG_get0_p8inf(bag);
++ handle->key = EVP_PKCS82PKEY(pkcs8c);
+ if (!handle->key)
+ {
+ GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(
+@@ -2026,7 +2027,11 @@ globus_i_gsi_cred_get_proxycertinfo(
+ {
+ globus_result_t result = GLOBUS_SUCCESS;
+ int pci_old_NID;
++#if OPENSSL_VERSION_NUMBER < 0x40000000L
+ X509_EXTENSION * pci_extension = NULL;
++#else
++ const X509_EXTENSION * pci_extension = NULL;
++#endif
+ int extension_loc;
+
+ GLOBUS_I_GSI_CRED_DEBUG_ENTER;
+@@ -2484,8 +2489,8 @@ globus_l_credential_sort_cert_list(
+ {
+ X509 * tmp_cert = NULL;
+ X509 * tmp_signer = NULL;
+- X509_NAME * candidate_issuer;
+- X509_NAME * signer_subject;
++ const X509_NAME * candidate_issuer;
++ const X509_NAME * signer_subject;
+ STACK_OF(X509) * ordered_certs;
+ int i, j, issuer_idx;
+
+--
+2.54.0
+
diff --git a/globus-gsi-credential.spec b/globus-gsi-credential.spec
index af324a9..239995c 100644
--- a/globus-gsi-credential.spec
+++ b/globus-gsi-credential.spec
@@ -1,13 +1,15 @@
Name: globus-gsi-credential
%global _name %(tr - _ <<< %{name})
Version: 8.5
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Grid Community Toolkit - Globus GSI Credential Library
License: Apache-2.0
URL: https://github.com/gridcf/gct/
Source: https://repo.gridcf.org/gct6/sources/%{_name}-%{version}.tar.gz
Source8: README
+Patch0: 0001-Untabify-and-remove-trailing-white-space.patch
+Patch1: 0002-Build-with-OpenSSL-4.patch
BuildRequires: make
BuildRequires: gcc
@@ -59,6 +61,8 @@ Globus GSI Credential Library Documentation Files
%prep
%setup -q -n %{_name}-%{version}
+%patch -P0 -p4
+%patch -P1 -p4
%build
# Reduce overlinking
@@ -107,6 +111,9 @@ rm %{buildroot}%{_pkgdocdir}/GLOBUS_LICENSE
%license GLOBUS_LICENSE
%changelog
+* Sun Jun 14 2026 Mattias Ellert <mattias.ellert@physics.uu.se> - 8.5-3
+- Compile with OpenSSL 4
+
* Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 8.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
reply other threads:[~2026-06-14 8:48 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178142691900.1.15955051551463147434.rpms-globus-gsi-credential-62a68d2b8f64@fedoraproject.org \
--to=mattias.ellert@physics.uu.se \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox